In & Out – The Network Data Exfiltration Techniques Training

Presented By: Leszek Miś

The In & Out – Network Data Exfiltration Techniques [RED edition] training class has been designed to present to students the modern, emerging tools and techniques available for network data exfiltration; testing and bypassing DLP/IDS/IPS/FW systems; protocol tunneling; hiding; pivoting; and generating malicious network events. Highly technical content and a purely hands-on, practical approach ensure that applying the transferred knowledge and technologies in real production environments will be easy, smooth and repeatable.

As an introduction, we will cover the latest APT-style campaigns using malware samples, analyze the top C2 network communication techniques seen in the wild and map the findings directly to the ATT&CK framework, the kill chain methodology and a defense/offense-in-depth strategy. We will also cover the importance of network baselining, memory forensics and automated malware analysis solutions. Then we will focus on the real threat simulation tactics that are the key aspect of this training.

We will dive deep into the individual network protocols, services and post-exploitation techniques commonly used by adversaries in corporate networks and discuss the corresponding security detection features. Using an available set of tools, students will work one by one through well-prepared exfiltration, pivoting, tunneling and protocol-anomaly use cases to generate the true network symptoms of modern attacker behaviour.

This 3-day course will take place on the 9th, 10th and 11th of September 2019 in London.
The price is £1,950 (inc VAT). Book your place in our shop now.

Learning Objectives

Learn how to bypass Linux and Windows local security restrictions and command-line argument detection by using obfuscation and Living Off The Land Binaries And Scripts

Generate and run different encrypted types of TCP/UDP reverse and bind shells across Windows and Linux systems, pivot to the next subnets, configure port forwarding and proxying, change the transport on the fly and find out what the network traffic artifacts of such actions are.

Simulate DNS DGA traffic, run DNS tunnels and remote shells, exfiltrate and hide data transfers using DNS-over-HTTPS, and explain how to obtain free Internet access on a plane or in a hotel through captive portal bypassing.

Use different HTTP techniques, headers and methods for stealing data in combination with out-of-band (OOB) web application injection techniques, and walk through the world of web shells

Run, detect and understand TLS/SSL-based anomalies and exfiltration methods

Run cmd.exe and deliver compressed and encrypted, in-memory offensive PowerShell scripts during the post-exploitation stage for leaking data and bypassing AV / EDR / AMSI

Clone, armor and phish popular websites and use them as a covert channel

Replay malicious PCAP files, interpret them in terms of network behaviour, and analyze the malware samples using Cuckoo

Describe how the syntax of signature-based rules works, how Suricata or Bro IDS can help you detect suspicious events, and what the differences are between these two IDS engines

Understand the value of automated attacker simulations

Run verification actions for IT security products and providers during a PoC / PoV

And many, many more.

Through hands-on labs, this training gives you a bigger picture of what you really need to care about when first building, or later improving, your SOC environment or Red and Blue team skills, your SIEM deployments, your DLP/IDS/IPS installations, or your machine-learning and anomaly detection security solutions.

All the training exercises below are based on a pure hands-on approach, where each student runs every single action or chained scenario on their own in the dedicated virtual-lab network. This class will focus on the x86/x64 architecture, IPv4/IPv6 networks, and target Linux and Windows environments.

About the Trainer

Leszek Miś is the Founder of Defensive Security (www.defensive-security.com), Principal Trainer and Security Researcher with over 15 years of experience in the cyber security and open source security solutions market. He went through the full path of infosec career positions: from OSS researcher, Linux administrator and system developer, Solution Engineer, DevOps and CI, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to finally become an IT Security Architect / SOC Security Analyst with a deep, vendor-neutral focus on network security attack and detection. He has deep knowledge of finding blind spots and security gaps in corporate environments, and perfectly understands the technology and business value of delivering a structured, automated adversary simulation platform.

His areas of interest include network “features” extraction, OS internals and forensics. He constantly tries to figure out “what da **ck” the AI/ML network security vendors are trying to sell. In his free time he likes to break into the “IoT world” just for fun.